My colleague Dave Barker is pushing me towards making Easy Passwords a full-featured LastPass alternative. Given the LastPass security vulnerabilities that were published recently and the ones I am about to publish myself soon, I cannot really blame him. Getting there will take a while, but we’ve reached an important milestone on the way: with Easy Passwords 1.1.0, user names will now be filled in automatically as well, so for most login forms you won’t need to type anything at all any more. Implementing this feature in a user-friendly way was more complicated than it sounds; if you are interested, you can see the iteration process we went through in the corresponding issue.
Now that this is out of the way, the next steps are:
- Make it easier to create a new password for the same user name
- Add sync functionality
- Allow storing password notes
- Show passwords as QR codes (poor man’s mobile solution)
- Optionally show actual password text on the passwords overview page
Currently, Easy Passwords supports desktop browsers only (Firefox, Chrome, Opera, in future most likely Edge as well). Ideally, it would work with mobile browsers as well, but mobile browsers aren’t exactly famous for being extensible, with Firefox on Android being the only exception. One idea is wrapping up something similar to the online version of Easy Passwords as an Android extension, albeit with sync functionality so that the right password could be selected from the list instead of replicating all of its parameters. However, it would still require typing the website name manually (not secure against phishing pages) and copying the password to the clipboard (not very convenient). Also, as I don’t need this functionality personally, I’m not very likely to spend time developing it, so anybody is welcome to volunteer.
Wait, you’re saying that Easy Passwords has the same vulnerabilities as LastPass? Or are you saying that you have more vulnerabilities to disclose about LastPass? That part about Dave Barker demanding an alternative with seemingly the same flaws is odd.
I am saying that I have more vulnerabilities to disclose about LastPass – this actually happened two days ago. Dave Barker actually wants to switch away from LastPass, which is why he is working on comparable functionality.